Add WhipHash: Secure password generator vault using Pyth Entropy

[dumprahul]

Pyth Examples Contribution

Type of Contribution

• New Example Project (Adding a new example to demonstrate Pyth integration)
• Hackathon Submission (Submitting a project from a hackathon)

Project Information

Project/Example Name: WhipHash - Secure Password Vault

Pyth Product Used:

• Pyth Entropy

Blockchain/Platform:

• Ethereum/EVM

Description

What does this contribution do?

WhipHash is a next-generation password generation and management system that produces secure, verifiable, and tamper-resistant passwords. Unlike conventional password managers that rely solely on local device randomness or centralized servers, WhipHash combines multiple layers of cryptographic security and on-chain verifiable randomness to ensure that every password is unique, unpredictable, and resilient against both offline and online attacks.

deployed this - https://whiphash.vercel.app/

so that pyth team can verify for pyth randomness.

i'm letting you know that the saved passwords in web will be seen by anyonenow becuase i have pasted my secretvault credentials. I deployed this webapplication for pyth team for generating randomness.

to experience the whole private encryption and storage across Nillion secret vaults, please go for local deployment.

How does it integrate with Pyth?

WhipHash leverages Pyth Entropy contracts deployed on Base L2 to fetch verifiable random values (R1 and R2). These values are public but auditable, ensuring that the randomness source is unbiased and tamper-resistant. The integration follows this workflow:

1. Fetch R1 from Pyth Entropy on Base L2
2. Generate LocalKey via Argon2id from device entropy + optional user secret
3. Combine LocalKey + R2 using HKDF → produce cryptographic seed
4. Harden seed with Argon2id → final password
5. Store password securely in NilDB SecretVault (encrypted + split across nodes)

What problem does it solve or demonstrate?

This project demonstrates how Pyth Entropy can be used to create cryptographically secure passwords that are:

• Resistant to biased RNGs: Mixing device entropy with verifiable on-chain randomness prevents single-source manipulation
• Memory-hard hardened: Argon2id prevents fast GPU or ASIC-based brute-force attacks
• Distributed storage: NilDB ensures no single point of compromise for stored passwords
• Auditable randomness: Users can verify the on-chain entropy used to generate each password

Directory Structure (for new examples)

entropy/whiphash/
├── whipm/                    # Next.js frontend application
│   ├── app/                  # App router pages
│   │   ├── page.tsx         # Landing page
│   │   ├── test/page.tsx    # Password generation
│   │   ├── view/page.tsx    # Password viewing
│   │   └── api/nildb/       # NilDB API routes
│   ├── components/          # React components
│   ├── lib/                 # Utility functions
│   └── demo-extension/      # Browser extension
├── pyth-entropy/            # Solidity contracts
│   ├── src/                # Contract source code
│   ├── script/             # Deployment scripts
│   └── broadcast/          # Deployment artifacts
└── README.md               # Project documentation

Testing & Verification

How to Test This Contribution

The project can be tested by running the Next.js application locally and using the browser extension to generate secure passwords using Pyth Entropy.

Prerequisites

• Node.js version: 18+
• MetaMask wallet (for blockchain interaction)
• Git

Setup & Run Instructions

# Clone the repository
git clone <repository-url>
cd whiphash

# Install dependencies for main app
cd whipm
npm install

# Create environment file
cp .env.example .env.local

# Add required environment variables
# NILLION_API_KEY=your-nillion-api-key
# NILLION_COLLECTION_ID=your-collection-id

# Start development server
npm run dev

# Install browser extension (optional)
# 1. Open Chrome and go to chrome://extensions/
# 2. Enable "Developer mode"
# 3. Click "Load unpacked"
# 4. Select the demo-extension folder

Deployment Information (if applicable)

Network: Base Sepolia Testnet (Chain ID: 84532)

Contract Address(es):

• RandomnessGen: 0xE861DC68Eb976da0661035bBf132d6F3a3288B71
• Entropy: 0x41c9e39574F40Ad34c79f1C99B66A45eFB830d4c

Demo URL: ETHGlobal Showcase

GitHub Repository: dumprahul/whiphash

Checklist

Code Quality

• Code follows existing patterns in the repository
• Proper error handling implemented
• No hardcoded values (use environment variables where appropriate)

Testing

• Tested locally and works as expected
• All existing functionality still works (no breaking changes)

Additional Context

Related Issues

Fixes #

Screenshots/Demo (if applicable)

Live Demo: ETHGlobal Showcase - WhipHash

Key Features Demonstrated:

• Real-time password generation using Pyth Entropy
• Browser extension integration
• Secure storage with NilDB
• Multi-layer cryptographic security

Notes for Reviewers

This project was developed for ETHOnline 2025 and showcases a practical implementation of Pyth Entropy for password generation. The project demonstrates:

1. Client-Side Security: All password generation happens in the browser using Web Crypto API
2. On-Chain Verifiability: Users can verify the randomness used for each password via blockchain transactions
3. Cost Efficiency: Pyth Entropy provides constant fee of 0.00000015 ETH per randomness request
4. Browser Extension: Complete browser extension implementation for easy access
5. Secure Storage: Integration with NilDB for decentralized password storage

The project is production-ready and can serve as a comprehensive example of Pyth Entropy integration in a real-world application.

---